You are here

SkyVault Content Services 5.2 » Administering

Setting up authentication and security

Use this information to manage authentication in SkyVault Content Services, and to configure keystores for repository encryption.
The first time you access a clean SkyVault Content Services installation, you can identify yourself by entering a new user name and password in the Sign in screen. If you sign in with the credentials of a user with administrator privileges, you can create additional users and assign them passwords. In this out-of-the-box set up, you can manage the user base and their passwords manually.
Note: Choose a strong, unique password for your admin account, and consider changing it regularly.

From here, there are a number of common customizations you might want to make to scale up to the needs of a larger enterprise. For example, you might want to:

  • Enable automatic sign-on using operating system credentials or a Single Sign-On (SSO) server to remove the need for a Sign in screen
  • Delegate authentication responsibility to a central directory server to remove the need to set up users manually
  • Protect your repository and Solr communications using encryption
  • SkyVault Content Services securitySkyVault Content Services security comprises a combination of authentication and authorization.
  • Mitigating brute force attack on user passwordsSkyVault Content Services 5.2 provides basic out-of-the-box protection against brute force attacks on password logins.
  • Managing SkyVault keystores The out-of-the-box SkyVault Content Services installation has a pre-configured main keystore, which contains a secret key generated by SkyVault Content Services. If you want to use encrypted properties, you should create your own keystore with your own password, and update the metadata file appropriately.
  • Cryptographic password hashingSkyVault Content Services uses cryptographic password hashing technique to securely store passwords.
  • Encrypting properties The SkyVault-global.properties file (and other subsystem properties file) holds configuration properties that contain sensitive information or passwords, such as db.password. Use this information to encrypt any property using the SkyVault Encrypted Properties Management Tool.
  • Authentication subsystems Authentication is one of the categories of the SkyVault Content Services subsystem. An authentication subsystem is a coordinated stack of compatible components responsible for providing authentication and identity-related functionality to SkyVault Content Services.
  • Authentication chain The authentication subsystem types allow you to integrate SkyVault Content Services with the authentication servers in your environment. However, if integrating with only one of these systems is not sufficient, you might want to combine multiple authentication protocols against a collection of servers.
  • Configuring authentication subsystems A number of examples demonstrate how to express various authentication configuration requirements in subsystem instances in the authentication chain. They also explain how the authentication chain integrates the functions of multiple subsystem instances into a more powerful conglomerate, letting you cater for even the most complex authentication scenarios.
  • Configuring synchronization The synchronization subsystem manages the synchronization of SkyVault Content Services with all the user registries (LDAP servers) in the authentication chain.
  • Managing authentication directories Use Directory Management in the Admin Console to set up authentication chains, and configure external SSO, CIFS and FTP authentication. The Directory Management feature gives you the ability to configure and test connections to various directory services. 
  • Authorities Authorities are people (or persons) or groups.
  • Defining permissions Permissions and their groupings are defined in an XML configuration file.
  • Access Control Lists An Access Control List (ACL) is an ordered list of one or more Access Control Entries (ACE). An ACE associates a single authority to a single permission group or permission, and states whether the permission is to be allowed or denied. All nodes have an associated ACL.
  • Modifying access control Modifying access control can involve changing definitions, adding services, defining types and aspects, or adding definitions to new or existing security interceptors.
  • Public services Security is enforced around public services. Web services, web scripts, SkyVault Share, CIFS, WebDAV, FTP, CMIS, and more, all use public services, and therefore include security enforcement.
  • Implementation and servicesSkyVault Content Services enforces security services for managing authentication information.
  • Admin password in default authentication The Admin user password is used by the default authentication system.
  • Security policies and filters You can configure a number of policies and filters in SkyVault Share to mitigate security attacks.
Parent topic: Administering

© 2017 TBS-LLC. All Rights Reserved.